[Git][security-tracker-team/security-tracker][master] new gitlab issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Jul 11 09:09:14 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
45da26bf by Moritz Muehlenhoff at 2025-07-11T10:08:55+02:00
new gitlab issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,11 +27,11 @@ CVE-2025-7407 (A vulnerability, which was classified as critical, was found in N
 CVE-2025-7021 (Fullscreen API Spoofing and UI Redressing in the handling of Fullscree ...)
 	NOT-FOR-US: OpenAI Operator SaaS
 CVE-2025-6948 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
-	TODO: check
+	- gitlab <unfixed>
 CVE-2025-6211 (A vulnerability in the DocugamiReader class of the run-llama/llama_ind ...)
 	NOT-FOR-US: run-llama/llama_index
 CVE-2025-6168 (An issue has been discovered in GitLab EE affecting all versions from  ...)
-	TODO: check
+	- gitlab <not-affected> (Specific to EE)
 CVE-2025-5040 (A maliciously crafted RTE file, when parsed through Autodesk Revit, ca ...)
 	NOT-FOR-US: Autodesk
 CVE-2025-5037 (A maliciously crafted RFA file, when parsed through Autodesk Revit, ca ...)
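Review bot: The new "- gitlab <unfixed>" line under CVE-2025-6948 has no NOTE with an upstream reference, unlike the tomcat and apache2 entries visible later in this diff, which each record a commit or advisory URL. Consider adding a NOTE line pointing at the upstream issue or release announcement so the fixed version can be filled in later without re-triaging. The split itself matches the descriptions shown: the CE/EE entry becomes unfixed, and the EE-only entry CVE-2025-6168 becomes not-affected.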
@@ -104,7 +104,7 @@ CVE-2025-52434 (Concurrent Execution using Shared Resource with Improper Synchro
 	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
 	NOTE: https://github.com/apache/tomcat/commit/8a83c3c42d20762782678932c14005cd3397a018 (9.0.107)
 CVE-2025-4972 (An issue has been discovered in GitLab EE affecting all versions from  ...)
-	TODO: check
+	- gitlab <not-affected> (Specific to EE)
 CVE-2025-49812 (In some mod_ssl configurations on Apache HTTP Server versions through  ...)
 	- apache2 <unfixed>
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-49812
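Review bot: The "(Specific to EE)" reason on the CVE-2025-4972 line can only be checked against a description that is truncated at "affecting all versions from  ...", so the visible text does not show what the EE-only call is based on. A NOTE naming the upstream issue or the affected EE feature would make the not-affected status verifiable from the list alone. The same applies to the identical change for CVE-2025-3396 in the next hunk.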
@@ -132,7 +132,7 @@ CVE-2025-45662 (A cross-site scripting (XSS) vulnerability in the component /mas
 CVE-2025-44251 (Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartext duri ...)
 	NOT-FOR-US: Ecovacs
 CVE-2025-3396 (An issue has been discovered in GitLab EE affecting all versions from  ...)
-	TODO: check
+	- gitlab <not-affected> (Specific to EE)
 CVE-2025-36090 (IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote  ...)
 	NOT-FOR-US: IBM
 CVE-2025-34102 (A remote code execution vulnerability exists in CryptoLog (PHP version ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45da26bfe1af2d89594f0f9788aeb1730114686c
